Yellowfin Team (Agent Role)
X-Frame-Options Header
Resolved
I've received a finding that Yellowfin isn't using X-Frame-Options: DENY in the HTTP Headers.
I've received a finding that Yellowfin isn't using X-Frame-Options: DENY in the HTTP Headers.
The same problem 
This can be resolved at the Tomcat level by implementing HTTP Header Security (Tomcat 8 +). Simple add the following to <YellowfinInstall>/appserver/webapps/ROOT/WEB-INF/web.xml inside the <web-app> tag:
<filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <async-supported>true</async-supported> </filter> <filter-mapping> <filter-name>httpHeaderSecurity</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>- Ryan
Comments have been locked on this page!